'GlyphPatch' Fixes a Vulnerability With iOS Character Rendering Engines

On Sunday, well-known iOS developer Flippo Bigarella released a new free jailbreak tweak in Cydia called GlyphPatch, which has managed to perk some eyebrows. The tweak fixes a vulnerability in iOS having to do with character rendering engines that can be the root cause of a DoS (Denial of Service) attack, as the developer explains:

Originally Posted by Filippo

GlyphPatch is a MobileSubstrate tweak which aims to patch a vulnerability affecting iOS / OS X characters rendering engines which can be exploited through a malicious sequence of characters in order to achieve a DoS attack.

...

By installing this tweak you can protect yourself from this particular attack on iOS. Since the vulnerability has been fixed on iOS 7, I donít know if Apple will issue a 6.x update just to fix it before the next major release. So, if you donít want to loose your jailbreak and be immune against that attack, just install it from Cydia.

Bigarella notes that the vulnerability was first disclosed on August 29th, 2013 and that this tweak can help protect you from the DoS attack without the need to update to a software update that Apple may (or may not) release in the future to patch this problem.

The vulnerability can be effective against users through all kinds of application interfaces, including the Messages application, Safari application, Settings application, and more. Virtually anywhere in iOS where characters can be rendered, the user can be affected.

This vulnerability is also available in Mac OS X; Bigarella explains that he is working on a fix for Mac OS X users too, but it is not yet available at this point in time. GlyphPatch is an open source jailbreak tweak, and its source code is available on Github at this link. Bigarella goes into more detail about how the vulnerability works on his blog at this link.

After installing GlyphPatch, you will be protected from this vulnerability without having to take any further steps. If you want to grab it, refresh your sources and take a look in the Changes tab of Cydia.

Man, this may have caused a problem with my Youtube app but it seems every other tweak and app is running way smoother and opening super quick. Seems like my phone isn't crashing as much either! Will someone please tell me if I'm dreaming.

You're right it's not there. The version I have is 0.1-6. If you go to his Github page he's up to 0.2-1 so maybe he's pulled it for the time being. There looks like there was one conflict with WhatsApp but I don't have that and haven't had any issues with it so far.